Flashback
-
Should I be worried, or is Apple just making really sure that everyone gets that update? Looks like I'm back to version 1.0 anyway.. (x_x)
-
I'm guessing "Java for OSX" is in fact at 1.0?
-
@dhromed said:
I'm guessing "Java for OSX" is in fact at 1.0?
Well, it's not just "Java for OSX," it's "Java for OSX 2012-003." So, third patch of 2012? Does it actually update the JRE or JDK, or is it just removing malware and changing plugins? Do you only get this if you already have Java installed? If you didn't have Java installed, is this just Apple's sneaky way of getting you install it by making you think you have a security hole that you don't actually have?
More iQuestions than iAnswers.
-
iM trying really hard to keep in all these iJokes that I hope this thread doesn't devolve iNto.
-
What is this iDon't even...
-
For one, the Apple update packages in and of themselves, including security update packages, have a version number, and it has actually happened for the initially available update (with version 1.0) to be faulty and replaced by a 1.1 version, e.g. Snow Leopard Security Update 2012-001, version 1.1.
Second, as far as I have heard this update won't be proposed if Java is not installed, hence the standalone Flashback removal tool that Apple provides as well (which is useful to remove Flashback variants which use some other mechanism than Java to penetrate).
I haven't followed closely, but there was a first security update which closed the Java vulnerability - before the Flashback situation exploded in the press, in fact. Then Apple later added further safeties such as this setting to disable (by default) Java integration in the browser systemwide.
The More You Know, etc.
